[Chromium] Fix a crashing bug due to raciness around SQL database shutdown.
author michaeln@google.com <michaeln@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 2 Sep 2011 02:27:34 +0000 (02:27 +0000)
committer michaeln@google.com <michaeln@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 2 Sep 2011 02:27:34 +0000 (02:27 +0000)
https://bugs.webkit.org/show_bug.cgi?id=67457

The removeOpenDatabase() method can get called multiple times.
Subsequent calls to it should be harmless instead of causing a crash.

Reviewed by David Levin.

* storage/chromium/DatabaseTrackerChromium.cpp:
(WebCore::DatabaseTracker::removeOpenDatabase):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/storage/chromium/DatabaseTrackerChromium.cpp

index f5aa522..bc7ad90 100644 (file)
@@ -1,3 +1,16 @@
+2011-09-01  Michael Nordman  <michaeln@google.com>
+
+        [Chromium] Fix a crashing bug due to raciness around SQL database shutdown.
+        https://bugs.webkit.org/show_bug.cgi?id=67457
+
+        The removeOpenDatabase() method can get called multiple times.
+        Subsequent calls to it should be harmeless instead of cause a crash.
+
+        Reviewed by David Levin.
+
+        * storage/chromium/DatabaseTrackerChromium.cpp:
+        (WebCore::DatabaseTracker::removeOpenDatabase):
+
 2011-09-01  Kent Tamura  <tkent@chromium.org>
 
         The filename text color of a file upload control should be inherited.
 
         * page/DOMWindow.idl:
 
+>>>>>>> .r94382
 2011-09-01  Mark Rowe  <mrowe@apple.com>
 
         <rdar://problem/10063411> WebScriptObject.h declares an Objective-C method without a return type.
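Review bot: the added line `+>>>>>>> .r94382` is a leftover merge-conflict marker and should not be committed to the ChangeLog; drop it from this hunk (and check that no matching `<<<<<<<` / `=======` lines remain elsewhere in the file) before landing.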
index fd274ff..89b0e7a 100644 (file)
@@ -129,12 +129,19 @@ void DatabaseTracker::removeOpenDatabase(AbstractDatabase* database)
     MutexLocker openDatabaseMapLock(m_openDatabaseMapGuard);
     ASSERT(m_openDatabaseMap);
     DatabaseNameMap* nameMap = m_openDatabaseMap->get(originIdentifier);
-    ASSERT(nameMap);
+    if (!nameMap)
+        return;
+
     String name(database->stringIdentifier());
     DatabaseSet* databaseSet = nameMap->get(name);
-    ASSERT(databaseSet);
-    databaseSet->remove(database);
+    if (!databaseSet)
+        return;
+
+    DatabaseSet::iterator found = databaseSet->find(database);
+    if (found == databaseSet->end())
+        return;
 
+    databaseSet->remove(found);
     if (databaseSet->isEmpty()) {
         nameMap->remove(name);
         delete databaseSet;
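Review bot: the early returns that replace `ASSERT(nameMap)`, `ASSERT(databaseSet)` and the unconditional `databaseSet->remove(database)` deserve a short comment stating why a missing entry is tolerated here (the commit message says removeOpenDatabase() can be called more than once during shutdown), since a silent return now also hides any genuine bookkeeping bug that the asserts would previously have caught in debug builds. Also consider whether `ASSERT(m_openDatabaseMap)` at the top of the function should be guarded the same way, as the same late call that finds no nameMap could in principle arrive after the map itself is gone; if that cannot happen, a comment saying so would make the remaining assert's intent clear. Looking up the iterator with `find()` and removing by iterator is the right shape: it avoids touching the set when the database is already absent and keeps the `isEmpty()` cleanup that follows correct.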